Method for managing public key
First Claim
1. A system for managing a public key in an environment having a hierarchical network with a domain name at each hierarchy, a DNS server provided at each hierarchy for managing correspondence between the domain name and an address, and hosts accommodated in the network, the DNS server serving to distribute a public key of another host to the host belonging to the network, the DNS server having means for managing the public key and a database for storing the public key of the host belonging to the network and the domain name in a corresponding manner, the method comprising:
- when a first host issues an inquiry about a public key of a second host on the information about the domain name, prompting the means for managing the public key to refer to the database, thereby answering the information on the public key of the second host corresponding to the domain name to the first host, wherein when the DNS server receives an inquiry of the public key of the second host from the first host, if no entry corresponding to the domain name of inquiry is found in the database of the DNS server itself, solution of the inquiry of the public key is recursively entrusted to another DNS server provided with the another means for managing a public key and the database along the hierarchy of the domain name.
Abstract
In a network having hierarchical domain names and a DNS server at each hierarchy for managing the correspondence between domain name and address, each DNS server provides a module for managing public keys and a database that records the correspondence between a public key and the domain name of each host belonging to the network. When two hosts begin secure communication with each other, one host automatically acquires the public key of the target host from this function-expanded DNS. The packet that inquires for the public key carries the name of the DNS server trusted by the inquiring host, and the DNS server so named adds an electronic signature to the packet that answers with the public key. From this electronic signature the host can determine whether the public key contained in the answer packet may be trusted, which prevents a malicious host from impersonating the target host.
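The following is an added example that is not part of the patent text: a toy model of the scheme the abstract describes, with a hierarchy of key-managing DNS servers that answer from their own database or recursively entrust the inquiry along the domain hierarchy, and an answer packet signed by whichever server the inquiring host named as trusted. The zone names, host names, public-key values and keys are constructed, and the "electronic signature" is an HMAC with a key the host shares with its trusted server, standing in for the asymmetric signature a real deployment would verify with that server's public key.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class DnsServer:
    """A function-expanded DNS server for one zone of the hierarchy (constructed toy)."""
    zone: str                                   # "" denotes the root zone
    signing_key: bytes                          # stand-in for the server's private signing key
    keydb: dict = field(default_factory=dict)   # host FQDN -> that host's public key
    parent: Optional["DnsServer"] = None
    children: list = field(default_factory=list)

    def sign(self, name: str, pubkey: bytes) -> bytes:
        # Stand-in for the electronic signature on the answer packet (HMAC, assumption).
        return hmac.new(self.signing_key, name.encode() + b"\x00" + pubkey, hashlib.sha256).digest()

    def resolve_key(self, name: str, trail: list, came_from=None) -> Optional[bytes]:
        """Answer from the local database, else entrust the inquiry along the hierarchy."""
        trail.append(self.zone)                 # record which servers handled the inquiry
        if name in self.keydb:
            return self.keydb[name]
        for child in self.children:             # delegate downward to a child zone covering the name
            if child is not came_from and (name == child.zone or name.endswith("." + child.zone)):
                return child.resolve_key(name, trail, came_from=self)
        if self.parent is not None and self.parent is not came_from:
            return self.parent.resolve_key(name, trail, came_from=self)   # otherwise walk upward
        return None


def query_public_key(entry_server: DnsServer, name: str, trusted_server_name: str, registry: dict):
    """The inquiry packet names the server the host trusts; that server signs the answer packet."""
    trail: list = []
    pubkey = entry_server.resolve_key(name, trail)
    if pubkey is None:
        return None
    signer = registry[trusted_server_name]
    return {"name": name, "pubkey": pubkey, "signer": trusted_server_name,
            "sig": signer.sign(name, pubkey), "trail": trail}


def host_verify(answer, trusted_server_name: str, verification_key: bytes) -> bool:
    """The host accepts the key only if the server it named signed exactly this (name, key) pair."""
    if answer is None or answer["signer"] != trusted_server_name:
        return False
    expected = hmac.new(verification_key, answer["name"].encode() + b"\x00" + answer["pubkey"],
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, answer["sig"])


def build_sample_hierarchy():
    """Constructed zones: root -> example.com -> corp.example.com, and root -> other.com."""
    root = DnsServer("", b"root-signing-key")
    example = DnsServer("example.com", b"example-signing-key",
                        {"bob.example.com": b"PUBKEY-BOB"}, parent=root)
    corp = DnsServer("corp.example.com", b"corp-signing-key",
                     {"alice.corp.example.com": b"PUBKEY-ALICE"}, parent=example)
    other = DnsServer("other.com", b"other-signing-key",
                      {"carol.other.com": b"PUBKEY-CAROL"}, parent=root)
    root.children = [example, other]
    example.children = [corp]
    return corp, {s.zone: s for s in (root, example, corp, other)}


if __name__ == "__main__":
    corp, registry = build_sample_hierarchy()
    vk = registry["example.com"].signing_key      # host's verification key for its trusted server
    answer = query_public_key(corp, "carol.other.com", "example.com", registry)
    print("resolution trail:", answer["trail"])
    print("verified:", host_verify(answer, "example.com", vk))
    # An answer whose key was swapped in transit fails verification at the host.
    forged = dict(answer, pubkey=b"PUBKEY-MALLORY")
    print("forged accepted:", host_verify(forged, "example.com", vk))
```

Running the script from the `corp.example.com` server for `carol.other.com` shows the inquiry walking up to the root and down into `other.com`, the answer verifying under the named trusted server, and the substituted key being rejected; an answer signed by any server other than the one the host named is rejected in the same way.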
2 Claims
Specification